Mock Version: 5.5 Mock Version: 5.5 Mock Version: 5.5 ENTER ['do_with_status'](['bash', '--login', '-c', '/usr/bin/rpmbuild -bs --noclean --target noarch --nodeps /builddir/build/SPECS/lynis.spec'], chrootPath='/var/lib/mock/f40-build-99462-5871/root'env={'TERM': 'vt100', 'SHELL': '/bin/bash', 'HOME': '/builddir', 'HOSTNAME': 'mock', 'PATH': '/usr/bin:/bin:/usr/sbin:/sbin', 'PROMPT_COMMAND': 'printf "\\033]0;\\007"', 'PS1': ' \\s-\\v\\$ ', 'LANG': 'C.UTF-8'}shell=Falselogger=timeout=864000uid=997gid=135user='mockbuild'nspawn_args=['--capability=cap_ipc_lock', '--bind=/tmp/mock-resolv.apegum5n:/etc/resolv.conf', '--bind=/dev/btrfs-control', '--bind=/dev/mapper/control', '--bind=/dev/fuse', '--bind=/dev/loop-control', '--bind=/dev/loop0', '--bind=/dev/loop1', '--bind=/dev/loop2', '--bind=/dev/loop3', '--bind=/dev/loop4', '--bind=/dev/loop5', '--bind=/dev/loop6', '--bind=/dev/loop7', '--bind=/dev/loop8', '--bind=/dev/loop9', '--bind=/dev/loop10', '--bind=/dev/loop11']unshare_net=TrueprintOutput=False) Using nspawn with args ['--capability=cap_ipc_lock', '--bind=/tmp/mock-resolv.apegum5n:/etc/resolv.conf', '--bind=/dev/btrfs-control', '--bind=/dev/mapper/control', '--bind=/dev/fuse', '--bind=/dev/loop-control', '--bind=/dev/loop0', '--bind=/dev/loop1', '--bind=/dev/loop2', '--bind=/dev/loop3', '--bind=/dev/loop4', '--bind=/dev/loop5', '--bind=/dev/loop6', '--bind=/dev/loop7', '--bind=/dev/loop8', '--bind=/dev/loop9', '--bind=/dev/loop10', '--bind=/dev/loop11'] Executing command: ['/usr/bin/systemd-nspawn', '-q', '-M', 'd2c96b459d49442981c3c910f774e7ba', '-D', '/var/lib/mock/f40-build-99462-5871/root', '-a', '-u', 'mockbuild', '--capability=cap_ipc_lock', '--bind=/tmp/mock-resolv.apegum5n:/etc/resolv.conf', '--bind=/dev/btrfs-control', '--bind=/dev/mapper/control', '--bind=/dev/fuse', '--bind=/dev/loop-control', '--bind=/dev/loop0', '--bind=/dev/loop1', '--bind=/dev/loop2', '--bind=/dev/loop3', '--bind=/dev/loop4', '--bind=/dev/loop5', '--bind=/dev/loop6', '--bind=/dev/loop7', '--bind=/dev/loop8', '--bind=/dev/loop9', '--bind=/dev/loop10', '--bind=/dev/loop11', '--console=pipe', '--setenv=TERM=vt100', '--setenv=SHELL=/bin/bash', '--setenv=HOME=/builddir', '--setenv=HOSTNAME=mock', '--setenv=PATH=/usr/bin:/bin:/usr/sbin:/sbin', '--setenv=PROMPT_COMMAND=printf "\\033]0;\\007"', '--setenv=PS1= \\s-\\v\\$ ', '--setenv=LANG=C.UTF-8', '--resolv-conf=off', 'bash', '--login', '-c', '/usr/bin/rpmbuild -bs --noclean --target noarch --nodeps /builddir/build/SPECS/lynis.spec'] with env {'TERM': 'vt100', 'SHELL': '/bin/bash', 'HOME': '/builddir', 'HOSTNAME': 'mock', 'PATH': '/usr/bin:/bin:/usr/sbin:/sbin', 'PROMPT_COMMAND': 'printf "\\033]0;\\007"', 'PS1': ' \\s-\\v\\$ ', 'LANG': 'C.UTF-8', 'SYSTEMD_NSPAWN_TMPFS_TMP': '0', 'SYSTEMD_SECCOMP': '0'} and shell False Building target platforms: noarch Building for target noarch setting SOURCE_DATE_EPOCH=1710720000 Wrote: /builddir/build/SRPMS/lynis-3.1.1-1.fc40.src.rpm Child return code was: 0 ENTER ['do_with_status'](['bash', '--login', '-c', '/usr/bin/rpmbuild -bb --noclean --target noarch --nodeps /builddir/build/SPECS/lynis.spec'], chrootPath='/var/lib/mock/f40-build-99462-5871/root'env={'TERM': 'vt100', 'SHELL': '/bin/bash', 'HOME': '/builddir', 'HOSTNAME': 'mock', 'PATH': '/usr/bin:/bin:/usr/sbin:/sbin', 'PROMPT_COMMAND': 'printf "\\033]0;\\007"', 'PS1': ' \\s-\\v\\$ ', 'LANG': 'C.UTF-8'}shell=Falselogger=timeout=864000uid=997gid=135user='mockbuild'nspawn_args=['--capability=cap_ipc_lock', '--bind=/tmp/mock-resolv.apegum5n:/etc/resolv.conf', '--bind=/dev/btrfs-control', '--bind=/dev/mapper/control', '--bind=/dev/fuse', '--bind=/dev/loop-control', '--bind=/dev/loop0', '--bind=/dev/loop1', '--bind=/dev/loop2', '--bind=/dev/loop3', '--bind=/dev/loop4', '--bind=/dev/loop5', '--bind=/dev/loop6', '--bind=/dev/loop7', '--bind=/dev/loop8', '--bind=/dev/loop9', '--bind=/dev/loop10', '--bind=/dev/loop11']unshare_net=TrueprintOutput=False) Using nspawn with args ['--capability=cap_ipc_lock', '--bind=/tmp/mock-resolv.apegum5n:/etc/resolv.conf', '--bind=/dev/btrfs-control', '--bind=/dev/mapper/control', '--bind=/dev/fuse', '--bind=/dev/loop-control', '--bind=/dev/loop0', '--bind=/dev/loop1', '--bind=/dev/loop2', '--bind=/dev/loop3', '--bind=/dev/loop4', '--bind=/dev/loop5', '--bind=/dev/loop6', '--bind=/dev/loop7', '--bind=/dev/loop8', '--bind=/dev/loop9', '--bind=/dev/loop10', '--bind=/dev/loop11'] Executing command: ['/usr/bin/systemd-nspawn', '-q', '-M', 'e0921d323b574b06a2d12ff7beea4ff5', '-D', '/var/lib/mock/f40-build-99462-5871/root', '-a', '-u', 'mockbuild', '--capability=cap_ipc_lock', '--bind=/tmp/mock-resolv.apegum5n:/etc/resolv.conf', '--bind=/dev/btrfs-control', '--bind=/dev/mapper/control', '--bind=/dev/fuse', '--bind=/dev/loop-control', '--bind=/dev/loop0', '--bind=/dev/loop1', '--bind=/dev/loop2', '--bind=/dev/loop3', '--bind=/dev/loop4', '--bind=/dev/loop5', '--bind=/dev/loop6', '--bind=/dev/loop7', '--bind=/dev/loop8', '--bind=/dev/loop9', '--bind=/dev/loop10', '--bind=/dev/loop11', '--console=pipe', '--setenv=TERM=vt100', '--setenv=SHELL=/bin/bash', '--setenv=HOME=/builddir', '--setenv=HOSTNAME=mock', '--setenv=PATH=/usr/bin:/bin:/usr/sbin:/sbin', '--setenv=PROMPT_COMMAND=printf "\\033]0;\\007"', '--setenv=PS1= \\s-\\v\\$ ', '--setenv=LANG=C.UTF-8', '--resolv-conf=off', 'bash', '--login', '-c', '/usr/bin/rpmbuild -bb --noclean --target noarch --nodeps /builddir/build/SPECS/lynis.spec'] with env {'TERM': 'vt100', 'SHELL': '/bin/bash', 'HOME': '/builddir', 'HOSTNAME': 'mock', 'PATH': '/usr/bin:/bin:/usr/sbin:/sbin', 'PROMPT_COMMAND': 'printf "\\033]0;\\007"', 'PS1': ' \\s-\\v\\$ ', 'LANG': 'C.UTF-8', 'SYSTEMD_NSPAWN_TMPFS_TMP': '0', 'SYSTEMD_SECCOMP': '0'} and shell False Building target platforms: noarch Building for target noarch setting SOURCE_DATE_EPOCH=1710720000 Executing(%prep): /bin/sh -e /var/tmp/rpm-tmp.ibOOop + umask 022 + cd /builddir/build/BUILD + cd /builddir/build/BUILD + rm -rf lynis + /usr/lib/rpm/rpmuncompress -x /builddir/build/SOURCES/lynis-3.1.1.tar.gz + STATUS=0 + '[' 0 -ne 0 ']' + cd lynis + rm -rf /builddir/build/BUILD/lynis-SPECPARTS + /usr/bin/mkdir -p /builddir/build/BUILD/lynis-SPECPARTS + /usr/bin/chmod -Rf a+rX,u+w,g-w,o-w . + /usr/bin/git init -q + /usr/bin/git config user.name rpm-build + /usr/bin/git config user.email '' + /usr/bin/git config gc.auto 0 + /usr/bin/git add --force . + /usr/bin/git commit -q --allow-empty -a --author 'rpm-build ' -m 'lynis-3.1.1 base' + /usr/bin/git checkout --track -b rpm-build Switched to a new branch 'rpm-build' branch 'rpm-build' set up to track 'master'. + RPM_EC=0 ++ jobs -p + exit 0 Executing(%build): /bin/sh -e /var/tmp/rpm-tmp.AkvNNS + umask 022 + cd /builddir/build/BUILD + CFLAGS='-O2 -fexceptions -g -grecord-gcc-switches -pipe -Wall -Werror=format-security -Wp,-U_FORTIFY_SOURCE,-D_FORTIFY_SOURCE=3 -Wp,-D_GLIBCXX_ASSERTIONS -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -fstack-protector-strong -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -fasynchronous-unwind-tables -fno-omit-frame-pointer ' + export CFLAGS + CXXFLAGS='-O2 -fexceptions -g -grecord-gcc-switches -pipe -Wall -Werror=format-security -Wp,-U_FORTIFY_SOURCE,-D_FORTIFY_SOURCE=3 -Wp,-D_GLIBCXX_ASSERTIONS -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -fstack-protector-strong -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -fasynchronous-unwind-tables -fno-omit-frame-pointer ' + export CXXFLAGS + FFLAGS='-O2 -fexceptions -g -grecord-gcc-switches -pipe -Wall -Wp,-U_FORTIFY_SOURCE,-D_FORTIFY_SOURCE=3 -Wp,-D_GLIBCXX_ASSERTIONS -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -fstack-protector-strong -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -fasynchronous-unwind-tables -fno-omit-frame-pointer -I/usr/lib/gfortran/modules ' + export FFLAGS + FCFLAGS='-O2 -fexceptions -g -grecord-gcc-switches -pipe -Wall -Wp,-U_FORTIFY_SOURCE,-D_FORTIFY_SOURCE=3 -Wp,-D_GLIBCXX_ASSERTIONS -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -fstack-protector-strong -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -fasynchronous-unwind-tables -fno-omit-frame-pointer -I/usr/lib/gfortran/modules ' + export FCFLAGS + VALAFLAGS=-g + export VALAFLAGS + RUSTFLAGS='-Copt-level=3 -Cdebuginfo=2 -Ccodegen-units=1 -Cstrip=none -Cforce-frame-pointers=yes --cap-lints=warn' + export RUSTFLAGS + LDFLAGS='-Wl,-z,relro -Wl,--as-needed -Wl,-z,now -specs=/usr/lib/rpm/redhat/redhat-hardened-ld-errors -specs=/usr/lib/rpm/redhat/redhat-hardened-ld -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -Wl,--build-id=sha1 ' + export LDFLAGS + LT_SYS_LIBRARY_PATH=/usr/lib: + export LT_SYS_LIBRARY_PATH + CC=gcc + export CC + CXX=g++ + export CXX + cd lynis + RPM_EC=0 ++ jobs -p + exit 0 Executing(%install): /bin/sh -e /var/tmp/rpm-tmp.9wyG86 + umask 022 + cd /builddir/build/BUILD + '[' /builddir/build/BUILDROOT/lynis-3.1.1-1.fc40.noarch '!=' / ']' + rm -rf /builddir/build/BUILDROOT/lynis-3.1.1-1.fc40.noarch ++ dirname /builddir/build/BUILDROOT/lynis-3.1.1-1.fc40.noarch + mkdir -p /builddir/build/BUILDROOT + mkdir /builddir/build/BUILDROOT/lynis-3.1.1-1.fc40.noarch + CFLAGS='-O2 -fexceptions -g -grecord-gcc-switches -pipe -Wall -Werror=format-security -Wp,-U_FORTIFY_SOURCE,-D_FORTIFY_SOURCE=3 -Wp,-D_GLIBCXX_ASSERTIONS -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -fstack-protector-strong -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -fasynchronous-unwind-tables -fno-omit-frame-pointer ' + export CFLAGS + CXXFLAGS='-O2 -fexceptions -g -grecord-gcc-switches -pipe -Wall -Werror=format-security -Wp,-U_FORTIFY_SOURCE,-D_FORTIFY_SOURCE=3 -Wp,-D_GLIBCXX_ASSERTIONS -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -fstack-protector-strong -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -fasynchronous-unwind-tables -fno-omit-frame-pointer ' + export CXXFLAGS + FFLAGS='-O2 -fexceptions -g -grecord-gcc-switches -pipe -Wall -Wp,-U_FORTIFY_SOURCE,-D_FORTIFY_SOURCE=3 -Wp,-D_GLIBCXX_ASSERTIONS -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -fstack-protector-strong -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -fasynchronous-unwind-tables -fno-omit-frame-pointer -I/usr/lib/gfortran/modules ' + export FFLAGS + FCFLAGS='-O2 -fexceptions -g -grecord-gcc-switches -pipe -Wall -Wp,-U_FORTIFY_SOURCE,-D_FORTIFY_SOURCE=3 -Wp,-D_GLIBCXX_ASSERTIONS -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -fstack-protector-strong -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -fasynchronous-unwind-tables -fno-omit-frame-pointer -I/usr/lib/gfortran/modules ' + export FCFLAGS + VALAFLAGS=-g + export VALAFLAGS + RUSTFLAGS='-Copt-level=3 -Cdebuginfo=2 -Ccodegen-units=1 -Cstrip=none -Cforce-frame-pointers=yes --cap-lints=warn' + export RUSTFLAGS + LDFLAGS='-Wl,-z,relro -Wl,--as-needed -Wl,-z,now -specs=/usr/lib/rpm/redhat/redhat-hardened-ld-errors -specs=/usr/lib/rpm/redhat/redhat-hardened-ld -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -Wl,--build-id=sha1 ' + export LDFLAGS + LT_SYS_LIBRARY_PATH=/usr/lib: + export LT_SYS_LIBRARY_PATH + CC=gcc + export CC + CXX=g++ + export CXX + cd lynis + mkdir -p /builddir/build/BUILDROOT/lynis-3.1.1-1.fc40.noarch/etc/lynis + install -p default.prf /builddir/build/BUILDROOT/lynis-3.1.1-1.fc40.noarch/etc/lynis + mkdir -p /builddir/build/BUILDROOT/lynis-3.1.1-1.fc40.noarch/usr/bin + install -p lynis /builddir/build/BUILDROOT/lynis-3.1.1-1.fc40.noarch/usr/bin + mkdir -p /builddir/build/BUILDROOT/lynis-3.1.1-1.fc40.noarch/usr/share/man/man8 + install -p lynis.8 /builddir/build/BUILDROOT/lynis-3.1.1-1.fc40.noarch/usr/share/man/man8 + mkdir -p /builddir/build/BUILDROOT/lynis-3.1.1-1.fc40.noarch/usr/share/lynis/include/ + install -p include/binaries include/consts include/data_upload include/functions include/helper_audit_dockerfile include/helper_configure include/helper_generate include/helper_show include/helper_system_remote_scan include/helper_update include/osdetection include/parameters include/profiles include/report include/tests_accounting include/tests_authentication include/tests_banners include/tests_boot_services include/tests_containers include/tests_crypto include/tests_custom.template include/tests_databases include/tests_dns include/tests_file_integrity include/tests_file_permissions include/tests_filesystems include/tests_firewalls include/tests_hardening include/tests_homedirs include/tests_insecure_services include/tests_kernel include/tests_kernel_hardening include/tests_ldap include/tests_logging include/tests_mac_frameworks include/tests_mail_messaging include/tests_malware include/tests_memory_processes include/tests_nameservices include/tests_networking include/tests_php include/tests_ports_packages include/tests_printers_spoolers include/tests_scheduling include/tests_shells include/tests_snmp include/tests_squid include/tests_ssh include/tests_storage include/tests_storage_nfs include/tests_system_integrity include/tests_time include/tests_tooling include/tests_usb include/tests_virtualization include/tests_webservers include/tool_tips /builddir/build/BUILDROOT/lynis-3.1.1-1.fc40.noarch/usr/share/lynis/include/ + chmod 644 /builddir/build/BUILDROOT/lynis-3.1.1-1.fc40.noarch/usr/share/lynis/include/binaries /builddir/build/BUILDROOT/lynis-3.1.1-1.fc40.noarch/usr/share/lynis/include/consts /builddir/build/BUILDROOT/lynis-3.1.1-1.fc40.noarch/usr/share/lynis/include/data_upload /builddir/build/BUILDROOT/lynis-3.1.1-1.fc40.noarch/usr/share/lynis/include/functions /builddir/build/BUILDROOT/lynis-3.1.1-1.fc40.noarch/usr/share/lynis/include/helper_audit_dockerfile /builddir/build/BUILDROOT/lynis-3.1.1-1.fc40.noarch/usr/share/lynis/include/helper_configure /builddir/build/BUILDROOT/lynis-3.1.1-1.fc40.noarch/usr/share/lynis/include/helper_generate /builddir/build/BUILDROOT/lynis-3.1.1-1.fc40.noarch/usr/share/lynis/include/helper_show /builddir/build/BUILDROOT/lynis-3.1.1-1.fc40.noarch/usr/share/lynis/include/helper_system_remote_scan /builddir/build/BUILDROOT/lynis-3.1.1-1.fc40.noarch/usr/share/lynis/include/helper_update /builddir/build/BUILDROOT/lynis-3.1.1-1.fc40.noarch/usr/share/lynis/include/osdetection /builddir/build/BUILDROOT/lynis-3.1.1-1.fc40.noarch/usr/share/lynis/include/parameters /builddir/build/BUILDROOT/lynis-3.1.1-1.fc40.noarch/usr/share/lynis/include/profiles /builddir/build/BUILDROOT/lynis-3.1.1-1.fc40.noarch/usr/share/lynis/include/report /builddir/build/BUILDROOT/lynis-3.1.1-1.fc40.noarch/usr/share/lynis/include/tests_accounting /builddir/build/BUILDROOT/lynis-3.1.1-1.fc40.noarch/usr/share/lynis/include/tests_authentication /builddir/build/BUILDROOT/lynis-3.1.1-1.fc40.noarch/usr/share/lynis/include/tests_banners /builddir/build/BUILDROOT/lynis-3.1.1-1.fc40.noarch/usr/share/lynis/include/tests_boot_services /builddir/build/BUILDROOT/lynis-3.1.1-1.fc40.noarch/usr/share/lynis/include/tests_containers /builddir/build/BUILDROOT/lynis-3.1.1-1.fc40.noarch/usr/share/lynis/include/tests_crypto /builddir/build/BUILDROOT/lynis-3.1.1-1.fc40.noarch/usr/share/lynis/include/tests_custom.template /builddir/build/BUILDROOT/lynis-3.1.1-1.fc40.noarch/usr/share/lynis/include/tests_databases /builddir/build/BUILDROOT/lynis-3.1.1-1.fc40.noarch/usr/share/lynis/include/tests_dns /builddir/build/BUILDROOT/lynis-3.1.1-1.fc40.noarch/usr/share/lynis/include/tests_file_integrity /builddir/build/BUILDROOT/lynis-3.1.1-1.fc40.noarch/usr/share/lynis/include/tests_file_permissions /builddir/build/BUILDROOT/lynis-3.1.1-1.fc40.noarch/usr/share/lynis/include/tests_filesystems /builddir/build/BUILDROOT/lynis-3.1.1-1.fc40.noarch/usr/share/lynis/include/tests_firewalls /builddir/build/BUILDROOT/lynis-3.1.1-1.fc40.noarch/usr/share/lynis/include/tests_hardening /builddir/build/BUILDROOT/lynis-3.1.1-1.fc40.noarch/usr/share/lynis/include/tests_homedirs /builddir/build/BUILDROOT/lynis-3.1.1-1.fc40.noarch/usr/share/lynis/include/tests_insecure_services /builddir/build/BUILDROOT/lynis-3.1.1-1.fc40.noarch/usr/share/lynis/include/tests_kernel /builddir/build/BUILDROOT/lynis-3.1.1-1.fc40.noarch/usr/share/lynis/include/tests_kernel_hardening /builddir/build/BUILDROOT/lynis-3.1.1-1.fc40.noarch/usr/share/lynis/include/tests_ldap /builddir/build/BUILDROOT/lynis-3.1.1-1.fc40.noarch/usr/share/lynis/include/tests_logging /builddir/build/BUILDROOT/lynis-3.1.1-1.fc40.noarch/usr/share/lynis/include/tests_mac_frameworks /builddir/build/BUILDROOT/lynis-3.1.1-1.fc40.noarch/usr/share/lynis/include/tests_mail_messaging /builddir/build/BUILDROOT/lynis-3.1.1-1.fc40.noarch/usr/share/lynis/include/tests_malware /builddir/build/BUILDROOT/lynis-3.1.1-1.fc40.noarch/usr/share/lynis/include/tests_memory_processes /builddir/build/BUILDROOT/lynis-3.1.1-1.fc40.noarch/usr/share/lynis/include/tests_nameservices /builddir/build/BUILDROOT/lynis-3.1.1-1.fc40.noarch/usr/share/lynis/include/tests_networking /builddir/build/BUILDROOT/lynis-3.1.1-1.fc40.noarch/usr/share/lynis/include/tests_php /builddir/build/BUILDROOT/lynis-3.1.1-1.fc40.noarch/usr/share/lynis/include/tests_ports_packages /builddir/build/BUILDROOT/lynis-3.1.1-1.fc40.noarch/usr/share/lynis/include/tests_printers_spoolers /builddir/build/BUILDROOT/lynis-3.1.1-1.fc40.noarch/usr/share/lynis/include/tests_scheduling /builddir/build/BUILDROOT/lynis-3.1.1-1.fc40.noarch/usr/share/lynis/include/tests_shells /builddir/build/BUILDROOT/lynis-3.1.1-1.fc40.noarch/usr/share/lynis/include/tests_snmp /builddir/build/BUILDROOT/lynis-3.1.1-1.fc40.noarch/usr/share/lynis/include/tests_squid /builddir/build/BUILDROOT/lynis-3.1.1-1.fc40.noarch/usr/share/lynis/include/tests_ssh /builddir/build/BUILDROOT/lynis-3.1.1-1.fc40.noarch/usr/share/lynis/include/tests_storage /builddir/build/BUILDROOT/lynis-3.1.1-1.fc40.noarch/usr/share/lynis/include/tests_storage_nfs /builddir/build/BUILDROOT/lynis-3.1.1-1.fc40.noarch/usr/share/lynis/include/tests_system_integrity /builddir/build/BUILDROOT/lynis-3.1.1-1.fc40.noarch/usr/share/lynis/include/tests_time /builddir/build/BUILDROOT/lynis-3.1.1-1.fc40.noarch/usr/share/lynis/include/tests_tooling /builddir/build/BUILDROOT/lynis-3.1.1-1.fc40.noarch/usr/share/lynis/include/tests_usb /builddir/build/BUILDROOT/lynis-3.1.1-1.fc40.noarch/usr/share/lynis/include/tests_virtualization /builddir/build/BUILDROOT/lynis-3.1.1-1.fc40.noarch/usr/share/lynis/include/tests_webservers /builddir/build/BUILDROOT/lynis-3.1.1-1.fc40.noarch/usr/share/lynis/include/tool_tips + mkdir -p /builddir/build/BUILDROOT/lynis-3.1.1-1.fc40.noarch/usr/share/lynis/plugins/ + install -p plugins/README plugins/custom_plugin.template /builddir/build/BUILDROOT/lynis-3.1.1-1.fc40.noarch/usr/share/lynis/plugins/ + cp -pR db/ /builddir/build/BUILDROOT/lynis-3.1.1-1.fc40.noarch/usr/share/lynis/ + mkdir -p /builddir/build/BUILDROOT/lynis-3.1.1-1.fc40.noarch/usr/share/bash-completion/completions + install -p extras/bash_completion.d/lynis /builddir/build/BUILDROOT/lynis-3.1.1-1.fc40.noarch/usr/share/bash-completion/completions/ + mkdir -p /builddir/build/BUILDROOT/lynis-3.1.1-1.fc40.noarch/var/log/ + touch /builddir/build/BUILDROOT/lynis-3.1.1-1.fc40.noarch/var/log/lynis.log + touch /builddir/build/BUILDROOT/lynis-3.1.1-1.fc40.noarch/var/log/lynis-report.dat + /usr/bin/find-debuginfo -j32 --strict-build-id -m -i --build-id-seed 3.1.1-1.fc40 --unique-debug-suffix -3.1.1-1.fc40.noarch --unique-debug-src-base lynis-3.1.1-1.fc40.noarch --run-dwz --dwz-low-mem-die-limit 10000000 --dwz-max-die-limit 50000000 -S debugsourcefiles.list /builddir/build/BUILD/lynis find-debuginfo: starting Extracting debug info from 0 files Creating .debug symlinks for symlinks to ELF files find-debuginfo: done + /usr/lib/rpm/check-buildroot + /usr/lib/rpm/redhat/brp-ldconfig + /usr/lib/rpm/brp-compress + /usr/lib/rpm/redhat/brp-strip-lto /usr/bin/strip + /usr/lib/rpm/brp-strip-static-archive /usr/bin/strip + /usr/lib/rpm/check-rpaths + /usr/lib/rpm/redhat/brp-mangle-shebangs mangling shebang in /usr/bin/lynis from /bin/sh to #!/usr/bin/sh *** WARNING: ./usr/share/lynis/plugins/README is executable but has no shebang, removing executable bit mangling shebang in /usr/share/lynis/plugins/custom_plugin.template from /bin/sh to #!/usr/bin/sh *** WARNING: ./usr/share/bash-completion/completions/lynis is executable but has no shebang, removing executable bit *** WARNING: ./etc/lynis/default.prf is executable but has no shebang, removing executable bit + /usr/lib/rpm/brp-remove-la-files + env /usr/lib/rpm/redhat/brp-python-bytecompile '' 1 0 -j32 + /usr/lib/rpm/redhat/brp-python-hardlink Executing(%check): /bin/sh -e /var/tmp/rpm-tmp.v8BPzA + umask 022 + cd /builddir/build/BUILD + CFLAGS='-O2 -fexceptions -g -grecord-gcc-switches -pipe -Wall -Werror=format-security -Wp,-U_FORTIFY_SOURCE,-D_FORTIFY_SOURCE=3 -Wp,-D_GLIBCXX_ASSERTIONS -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -fstack-protector-strong -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -fasynchronous-unwind-tables -fno-omit-frame-pointer ' + export CFLAGS + CXXFLAGS='-O2 -fexceptions -g -grecord-gcc-switches -pipe -Wall -Werror=format-security -Wp,-U_FORTIFY_SOURCE,-D_FORTIFY_SOURCE=3 -Wp,-D_GLIBCXX_ASSERTIONS -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -fstack-protector-strong -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -fasynchronous-unwind-tables -fno-omit-frame-pointer ' + export CXXFLAGS + FFLAGS='-O2 -fexceptions -g -grecord-gcc-switches -pipe -Wall -Wp,-U_FORTIFY_SOURCE,-D_FORTIFY_SOURCE=3 -Wp,-D_GLIBCXX_ASSERTIONS -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -fstack-protector-strong -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -fasynchronous-unwind-tables -fno-omit-frame-pointer -I/usr/lib/gfortran/modules ' + export FFLAGS + FCFLAGS='-O2 -fexceptions -g -grecord-gcc-switches -pipe -Wall -Wp,-U_FORTIFY_SOURCE,-D_FORTIFY_SOURCE=3 -Wp,-D_GLIBCXX_ASSERTIONS -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -fstack-protector-strong -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -fasynchronous-unwind-tables -fno-omit-frame-pointer -I/usr/lib/gfortran/modules ' + export FCFLAGS + VALAFLAGS=-g + export VALAFLAGS + RUSTFLAGS='-Copt-level=3 -Cdebuginfo=2 -Ccodegen-units=1 -Cstrip=none -Cforce-frame-pointers=yes --cap-lints=warn' + export RUSTFLAGS + LDFLAGS='-Wl,-z,relro -Wl,--as-needed -Wl,-z,now -specs=/usr/lib/rpm/redhat/redhat-hardened-ld-errors -specs=/usr/lib/rpm/redhat/redhat-hardened-ld -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -Wl,--build-id=sha1 ' + export LDFLAGS + LT_SYS_LIBRARY_PATH=/usr/lib: + export LT_SYS_LIBRARY_PATH + CC=gcc + export CC + CXX=g++ + export CXX + cd lynis + ./lynis audit system --quick --pentest [ Lynis 3.1.1 ] ################################################################################ Lynis comes with ABSOLUTELY NO WARRANTY. This is free software, and you are welcome to redistribute it under the terms of the GNU General Public License. See the LICENSE file for details about using this software. 2007-2021, CISOfy - https://cisofy.com/lynis/ Enterprise support available (compliance, plugins, interface and tools) ################################################################################ [+] Initializing program ------------------------------------ ################################################################### # # # NON-PRIVILEGED SCAN MODE # # # ################################################################### NOTES: -------------- * Some tests will be skipped (as they require root permissions) * Some tests might fail silently or give different results - Detecting OS...  [ DONE ] - Checking profiles... [ DONE ] --------------------------------------------------- Program version: 3.1.1 Operating system: Linux Operating system name: Fedora Linux Operating system version: 40 Kernel version: 6.5.0 Hardware platform: riscv64 Hostname: no-hostname --------------------------------------------------- Profiles: /builddir/build/BUILD/lynis/default.prf Log file: /builddir/lynis.log Report file: /builddir/lynis-report.dat Report version: 1.0 Plugin directory: ./plugins --------------------------------------------------- Auditor: [Not Specified] Language: en Test category: all Test group: all --------------------------------------------------- - Program update status...  [ SKIPPED ] [+] System tools ------------------------------------ - Scanning available tools... - Checking system binaries... pgrep: pattern that searches for process name longer than 15 characters will result in zero matches Try `pgrep -f' option to match against the complete command line. [+] Plugins (phase 1) ------------------------------------ Note: plugins have more extensive tests and may take several minutes to complete   - Plugins enabled [ NONE ] ================================================================= Exception found! Function/test: [GetHostID] Message: HostID could not be generated Help improving the Lynis community with your feedback! Steps: - Ensure you are running the latest version (./lynis update check) - If so, create a GitHub issue at https://github.com/CISOfy/lynis - Include relevant parts of the log file or configuration file Thanks! ================================================================= ================================================================= Exception found! Function/test: [GetHostID] Message: No unique host identifier could be created. Help improving the Lynis community with your feedback! Steps: - Ensure you are running the latest version (./lynis update check) - If so, create a GitHub issue at https://github.com/CISOfy/lynis - Include relevant parts of the log file or configuration file Thanks! ================================================================= [+] Boot and services ------------------------------------ [WARNING]: Test CORE-1000 had a long execution: 27.447631 seconds ================================================================= Exception found! Function/test: [BOOT-5104:001] Message: Unknown service manager Help improving the Lynis community with your feedback! Steps: - Ensure you are running the latest version (./lynis update check) - If so, create a GitHub issue at https://github.com/CISOfy/lynis - Include relevant parts of the log file or configuration file Thanks! ================================================================= - Service Manager [ UNKNOWN ] - Boot loader [ NONE FOUND ] - Check startup files (permissions) [ OK ] [+] Kernel ------------------------------------ - Checking kernel version and release [ DONE ] - Checking Linux kernel configuration file [ NOT FOUND ] - Checking core dumps configuration - configuration in /etc/profile [ DEFAULT ] - 'hard' configuration in /etc/security/limits.conf [ DEFAULT ] - 'soft' configuration in /etc/security/limits.conf [ DEFAULT ] - Checking setuid core dumps configuration [ PROTECTED ] - Check if reboot is needed [ UNKNOWN ] [+] Memory and Processes ------------------------------------ - Checking /proc/meminfo [ FOUND ] - Searching for dead/zombie processes [ NOT FOUND ] - Searching for IO waiting processes [ NOT FOUND ] - Search prelink tooling [ NOT FOUND ] [+] Users, Groups and Authentication ------------------------------------ - Administrator accounts [ OK ] - Unique UIDs [ OK ] - Unique group IDs [ OK ] - Unique group names [ OK ] - Password file consistency [ SUGGESTION ] - Checking password hashing rounds [ DISABLED ] - Query system users (non daemons) [ DONE ] - NIS+ authentication support [ NOT ENABLED ] - NIS authentication support [ NOT ENABLED ] - Sudoers file [ NOT FOUND ] - PAM password strength tools [ OK ] - PAM configuration file (pam.conf) [ NOT FOUND ] - PAM configuration files (pam.d) [ FOUND ] - PAM modules [ FOUND ] - LDAP module in PAM [ NOT FOUND ] passwd: You may not view or modify password information for root. passwd: You may not view or modify password information for bin. passwd: You may not view or modify password information for daemon. passwd: You may not view or modify password information for adm. passwd: You may not view or modify password information for lp. passwd: You may not view or modify password information for sync. passwd: You may not view or modify password information for shutdown. passwd: You may not view or modify password information for halt. passwd: You may not view or modify password information for mail. passwd: You may not view or modify password information for operator. passwd: You may not view or modify password information for games. passwd: You may not view or modify password information for ftp. passwd: You may not view or modify password information for nobody. passwd: You may not view or modify password information for root. passwd: You may not view or modify password information for bin. passwd: You may not view or modify password information for daemon. passwd: You may not view or modify password information for adm. passwd: You may not view or modify password information for lp. passwd: You may not view or modify password information for sync. passwd: You may not view or modify password information for shutdown. passwd: You may not view or modify password information for halt. passwd: You may not view or modify password information for mail. passwd: You may not view or modify password information for operator. passwd: You may not view or modify password information for games. passwd: You may not view or modify password information for ftp. passwd: You may not view or modify password information for nobody. passwd: You may not view or modify password information for root. passwd: You may not view or modify password information for bin. passwd: You may not view or modify password information for daemon. passwd: You may not view or modify password information for adm. passwd: You may not view or modify password information for lp. passwd: You may not view or modify password information for sync. passwd: You may not view or modify password information for shutdown. passwd: You may not view or modify password information for halt. passwd: You may not view or modify password information for mail. passwd: You may not view or modify password information for operator. passwd: You may not view or modify password information for games. passwd: You may not view or modify password information for ftp. passwd: You may not view or modify password information for nobody. - Accounts without expire date [ OK ] - Accounts without password [ OK ] - Locked accounts [ OK ] - Checking user password aging (minimum) [ DISABLED ] - User password aging (maximum) [ DISABLED ] - Determining default umask - umask (/etc/profile) [ NOT FOUND ] - umask (/etc/login.defs) [ SUGGESTION ] - LDAP authentication support [ NOT ENABLED ] - Logging failed login attempts [ DISABLED ] [+] Shells ------------------------------------ - Checking shells from /etc/shells Result: found 4 shells (valid shells: 4). - Session timeout settings/tools [ NONE ] - Checking default umask values - Checking default umask in /etc/bashrc [ WEAK ] - Checking default umask in /etc/csh.cshrc [ WEAK ] - Checking default umask in /etc/profile [ NONE ] [+] File systems ------------------------------------ - Checking mount points - Checking /home mount point [ SUGGESTION ] - Checking /tmp mount point [ SUGGESTION ] - Checking /var mount point [ SUGGESTION ] - Query swap partitions (fstab) [ NONE ] - Testing swap partitions [ OK ] - Testing /proc mount (hidepid) [ SUGGESTION ] - Checking for old files in /tmp [ OK ] - Checking /tmp sticky bit [ OK ] - Checking /var/tmp sticky bit [ OK ] - Mount options of /dev [ PARTIALLY HARDENED ] - Mount options of /dev/shm [ PARTIALLY HARDENED ] - Mount options of /run [ HARDENED ] - Total without nodev:20 noexec:25 nosuid:2 ro or noexec (W^X): 23 of total 38 [WARNING]: Test FILE-6374 had a long execution: 11.680939 seconds [+] USB Devices ------------------------------------ - Checking usb-storage driver (modprobe config) [ NOT DISABLED ] - Checking USB devices authorization [ DISABLED ] - Checking USBGuard [ NOT FOUND ] [+] Storage ------------------------------------ - Checking firewire ohci driver (modprobe config) [ NOT DISABLED ] [+] NFS ------------------------------------ - Check running NFS daemon [ NOT FOUND ] [+] Name services ------------------------------------ - Searching DNS domain name [ UNKNOWN ] - Checking /etc/hosts - Duplicate entries in hosts file [ NONE ] - Presence of configured hostname in /etc/hosts [ NOT FOUND ] - Hostname mapped to localhost [ NOT FOUND ] - Localhost mapping to IP address [ OK ] [+] Ports and packages ------------------------------------ - Searching package managers - Searching RPM package manager [ FOUND ] - Querying RPM package manager [WARNING]: Test PKGS-7308 had a long execution: 59.079139 seconds - Checking package audit tool [ NONE ] - Toolkit for automatic upgrades [ NOT FOUND ] [+] Networking ------------------------------------ - Checking IPv6 configuration [ ENABLED ] Configuration method [ AUTO ] IPv6 only [ NO ] [WARNING]: Test NETW-2600 had a long execution: 64.267996 seconds - Checking configured nameservers - Minimal of 2 responsive nameservers [ SKIPPED ] ================================================================= Exception found! Function/test: [NETW-3004:1] Message: No interfaces found on this system (OS=Linux) Help improving the Lynis community with your feedback! Steps: - Ensure you are running the latest version (./lynis update check) - If so, create a GitHub issue at https://github.com/CISOfy/lynis - Include relevant parts of the log file or configuration file Thanks! ================================================================= ================================================================= Exception found! Function/test: [NETW-3006:2] Message: Missing ifconfig or ip command to collect hardware address (MAC) Help improving the Lynis community with your feedback! Steps: - Ensure you are running the latest version (./lynis update check) - If so, create a GitHub issue at https://github.com/CISOfy/lynis - Include relevant parts of the log file or configuration file Thanks! ================================================================= ================================================================= Exception found! Function/test: [NETW-3008:2] Message: Missing ifconfig or ip command to collect hardware address (MAC) Help improving the Lynis community with your feedback! Steps: - Ensure you are running the latest version (./lynis update check) - If so, create a GitHub issue at https://github.com/CISOfy/lynis - Include relevant parts of the log file or configuration file Thanks! ================================================================= ================================================================= Exception found! Function/test: [NETW-3012:1] Message: netstat and ss binary missing to gather listening ports Help improving the Lynis community with your feedback! Steps: - Ensure you are running the latest version (./lynis update check) - If so, create a GitHub issue at https://github.com/CISOfy/lynis - Include relevant parts of the log file or configuration file Thanks! ================================================================= - Getting listening ports (TCP/UDP) [ SKIPPED ] - Checking promiscuous interfaces [ UNKNOWN ] - Checking status DHCP client [ NOT ACTIVE ] - Checking for ARP monitoring software [ NOT FOUND ] - Uncommon network protocols [ 0 ] [+] Printers and Spools ------------------------------------ - Checking cups daemon [ NOT FOUND ] - Checking lp daemon [ NOT RUNNING ] [+] Software: e-mail and messaging ------------------------------------ [+] Software: firewalls ------------------------------------ - Checking iptables support [ FOUND ] - Checking host based firewall [ ACTIVE ] [+] Software: webserver ------------------------------------ - Checking Apache [ NOT FOUND ] - Checking nginx [ NOT FOUND ] [+] SSH Support ------------------------------------ - Checking running SSH daemon [ NOT FOUND ] [+] SNMP Support ------------------------------------ - Checking running SNMP daemon [ NOT FOUND ] [+] Databases ------------------------------------ No database engines found [+] LDAP Services ------------------------------------ - Checking OpenLDAP instance [ NOT FOUND ] [+] PHP ------------------------------------ - Checking PHP [ NOT FOUND ] [WARNING]: Test PHP-2211 had a long execution: 36.245694 seconds [+] Squid Support ------------------------------------ - Checking running Squid daemon [ NOT FOUND ] [+] Logging and files ------------------------------------ - Checking for a running log daemon [ WARNING ] - Checking Syslog-NG status [ NOT FOUND ] - Checking systemd journal status [ NOT FOUND ] - Checking Metalog status [ NOT FOUND ] - Checking RSyslog status [ NOT FOUND ] - Checking RFC 3195 daemon status [ NOT FOUND ] - Checking klogd [ NOT FOUND ] - Checking minilogd instances [ NOT FOUND ] - Checking logrotate presence [ WARNING ] - Checking log directories (static list) [ DONE ] - Checking open log files [ SKIPPED ] [+] Insecure services ------------------------------------ - Installed inetd package [ NOT FOUND ] - Installed xinetd package [ OK ] - xinetd status [ NOT ACTIVE ] - Installed rsh client package [ OK ] - Installed rsh server package [ OK ] - Installed telnet client package [ OK ] - Installed telnet server package [ NOT FOUND ] - Checking NIS client installation [ OK ] - Checking NIS server installation [ OK ] - Checking TFTP client installation [ OK ] - Checking TFTP server installation [ OK ] [+] Banners and identification ------------------------------------ - /etc/issue [ SYMLINK ] - /etc/issue contents [ WEAK ] - /etc/issue.net [ SYMLINK ] - /etc/issue.net contents [ WEAK ] [+] Scheduled tasks ------------------------------------ - Checking crontab and cronjob files [ DONE ] [+] Accounting ------------------------------------ - Checking accounting information [ NOT FOUND ] - Checking sysstat accounting data [ NOT FOUND ] - Checking auditd [ NOT FOUND ] [+] Time and Synchronization ------------------------------------ - Checking for a running NTP daemon or client [ WARNING ] [+] Cryptography ------------------------------------ - Kernel entropy is sufficient [ YES ] - HW RNG & rngd [ NO ] - SW prng [ NO ] - MOR variable not found [ WEAK ] [+] Virtualization ------------------------------------ [+] Containers ------------------------------------ [+] Security frameworks ------------------------------------ - Checking presence AppArmor [ NOT FOUND ] - Checking presence SELinux [ NOT FOUND ] - Checking presence TOMOYO Linux [ NOT FOUND ] - Checking presence grsecurity [ NOT FOUND ] - Checking for implemented MAC framework [ NONE ] [+] Software: file integrity ------------------------------------ - Checking file integrity tools - Checking presence integrity tool [ NOT FOUND ] [+] Software: System tooling ------------------------------------ - Checking automation tooling - Automation tooling [ NOT FOUND ] - Checking for IDS/IPS tooling [ NONE ] [+] Software: Malware ------------------------------------ - Malware software components [ NOT FOUND ] [+] File Permissions ------------------------------------ - Starting file permissions check File: /etc/group [ OK ] File: /etc/group- [ OK ] File: /etc/issue [ OK ] File: /etc/issue.net [ OK ] File: /etc/motd [ OK ] File: /etc/passwd [ OK ] File: /etc/passwd- [ OK ] [+] Home directories ------------------------------------ [WARNING]: Test FILE-7524 had a long execution: 15.339589 seconds - Permissions of home directories [ WARNING ] - Ownership of home directories [ OK ] - Checking shell history files [ OK ] [+] Kernel Hardening ------------------------------------ - Comparing sysctl key pairs with scan profile - dev.tty.ldisc_autoload (exp: 0) [ DIFFERENT ] - fs.protected_fifos (exp: 2) [ DIFFERENT ] - fs.protected_hardlinks (exp: 1) [ OK ] - fs.protected_regular (exp: 2) [ DIFFERENT ] - fs.protected_symlinks (exp: 1) [ OK ] - fs.suid_dumpable (exp: 0) [ DIFFERENT ] - kernel.core_uses_pid (exp: 1) [ OK ] - kernel.ctrl-alt-del (exp: 0) [ OK ] - kernel.dmesg_restrict (exp: 1) [ DIFFERENT ] - kernel.kptr_restrict (exp: 2) [ DIFFERENT ] - kernel.modules_disabled (exp: 1) [ DIFFERENT ] - kernel.perf_event_paranoid (exp: 3) [ DIFFERENT ] - kernel.randomize_va_space (exp: 2) [ OK ] - kernel.sysrq (exp: 0) [ DIFFERENT ] - kernel.unprivileged_bpf_disabled (exp: 1) [ DIFFERENT ] - kernel.yama.ptrace_scope (exp: 1 2 3) [ DIFFERENT ] - net.ipv4.conf.all.accept_redirects (exp: 0) [ DIFFERENT ] - net.ipv4.conf.all.accept_source_route (exp: 0) [ OK ] - net.ipv4.conf.all.bootp_relay (exp: 0) [ OK ] - net.ipv4.conf.all.forwarding (exp: 0) [ OK ] - net.ipv4.conf.all.log_martians (exp: 1) [ DIFFERENT ] - net.ipv4.conf.all.mc_forwarding (exp: 0) [ OK ] - net.ipv4.conf.all.proxy_arp (exp: 0) [ OK ] - net.ipv4.conf.all.rp_filter (exp: 1) [ DIFFERENT ] - net.ipv4.conf.all.send_redirects (exp: 0) [ DIFFERENT ] - net.ipv4.conf.default.accept_redirects (exp: 0) [ DIFFERENT ] - net.ipv4.conf.default.accept_source_route (exp: 0) [ OK ] - net.ipv4.conf.default.log_martians (exp: 1) [ DIFFERENT ] - net.ipv4.icmp_echo_ignore_broadcasts (exp: 1) [ OK ] - net.ipv4.icmp_ignore_bogus_error_responses (exp: 1) [ OK ] - net.ipv4.tcp_syncookies (exp: 1) [ OK ] - net.ipv4.tcp_timestamps (exp: 0 1) [ OK ] - net.ipv6.conf.all.accept_redirects (exp: 0) [ DIFFERENT ] - net.ipv6.conf.all.accept_source_route (exp: 0) [ OK ] - net.ipv6.conf.default.accept_redirects (exp: 0) [ DIFFERENT ] - net.ipv6.conf.default.accept_source_route (exp: 0) [ OK ] [+] Hardening ------------------------------------ [WARNING]: Test KRNL-6000 had a long execution: 91.758635 seconds - Installed compiler(s) [ FOUND ] - Installed malware scanner [ NOT FOUND ] - Non-native binary formats [ NOT FOUND ] [+] Custom tests ------------------------------------ - Running custom tests...  [ NONE ] [+] Plugins (phase 2) ------------------------------------ ================================================================================ -[ Lynis 3.1.1 Results ]- Warnings (1): ---------------------------- ! klogd is not running, which could lead to missing kernel messages in log files [LOGG-2138] https://cisofy.com/lynis/controls/LOGG-2138/ Suggestions (33): ---------------------------- * If not required, consider explicit disabling of core dump in /etc/security/limits.conf file [KRNL-5820] https://cisofy.com/lynis/controls/KRNL-5820/ * Run pwck manually and correct any errors in the password file [AUTH-9228] https://cisofy.com/lynis/controls/AUTH-9228/ * Configure password hashing rounds in /etc/login.defs [AUTH-9230] https://cisofy.com/lynis/controls/AUTH-9230/ * Configure minimum password age in /etc/login.defs [AUTH-9286] https://cisofy.com/lynis/controls/AUTH-9286/ * Configure maximum password age in /etc/login.defs [AUTH-9286] https://cisofy.com/lynis/controls/AUTH-9286/ * Default umask in /etc/login.defs could be more strict like 027 [AUTH-9328] https://cisofy.com/lynis/controls/AUTH-9328/ * To decrease the impact of a full /home file system, place /home on a separate partition [FILE-6310] https://cisofy.com/lynis/controls/FILE-6310/ * To decrease the impact of a full /tmp file system, place /tmp on a separate partition [FILE-6310] https://cisofy.com/lynis/controls/FILE-6310/ * To decrease the impact of a full /var file system, place /var on a separate partition [FILE-6310] https://cisofy.com/lynis/controls/FILE-6310/ * Disable drivers like USB storage when not used, to prevent unauthorized storage or data theft [USB-1000] https://cisofy.com/lynis/controls/USB-1000/ * Disable drivers like firewire storage when not used, to prevent unauthorized storage or data theft [STRG-1846] https://cisofy.com/lynis/controls/STRG-1846/ * Check DNS configuration for the dns domain name [NAME-4028] https://cisofy.com/lynis/controls/NAME-4028/ * Add the IP name and FQDN to /etc/hosts for proper name resolving [NAME-4404] https://cisofy.com/lynis/controls/NAME-4404/ * Install a package audit tool to determine vulnerable packages [PKGS-7398] https://cisofy.com/lynis/controls/PKGS-7398/ * Consider using a tool to automatically apply upgrades [PKGS-7420] https://cisofy.com/lynis/controls/PKGS-7420/ * Determine if protocol 'dccp' is really needed on this system [NETW-3200] https://cisofy.com/lynis/controls/NETW-3200/ * Determine if protocol 'sctp' is really needed on this system [NETW-3200] https://cisofy.com/lynis/controls/NETW-3200/ * Determine if protocol 'rds' is really needed on this system [NETW-3200] https://cisofy.com/lynis/controls/NETW-3200/ * Determine if protocol 'tipc' is really needed on this system [NETW-3200] https://cisofy.com/lynis/controls/NETW-3200/ * Check if any syslog daemon is running and correctly configured. [LOGG-2130] https://cisofy.com/lynis/controls/LOGG-2130/ * Check if log files are properly rotated [LOGG-2146] https://cisofy.com/lynis/controls/LOGG-2146/ * Add a legal banner to /etc/issue, to warn unauthorized users [BANN-7126] https://cisofy.com/lynis/controls/BANN-7126/ * Add legal banner to /etc/issue.net, to warn unauthorized users [BANN-7130] https://cisofy.com/lynis/controls/BANN-7130/ * Enable process accounting [ACCT-9622] https://cisofy.com/lynis/controls/ACCT-9622/ * Enable sysstat to collect accounting (no results) [ACCT-9626] https://cisofy.com/lynis/controls/ACCT-9626/ * Enable auditd to collect audit information [ACCT-9628] https://cisofy.com/lynis/controls/ACCT-9628/ * Use NTP daemon or NTP client to prevent time issues. [TIME-3104] https://cisofy.com/lynis/controls/TIME-3104/ * Install a file integrity tool to monitor changes to critical and sensitive files [FINT-4350] https://cisofy.com/lynis/controls/FINT-4350/ * Determine if automation tools are present for system management [TOOL-5002] https://cisofy.com/lynis/controls/TOOL-5002/ * Double check the permissions of home directories as some might be not strict enough. [HOME-9304] https://cisofy.com/lynis/controls/HOME-9304/ * One or more sysctl values differ from the scan profile and could be tweaked [KRNL-6000] - Solution : Change sysctl value or disable test (skip-test=KRNL-6000:) https://cisofy.com/lynis/controls/KRNL-6000/ * Harden compilers like restricting access to root user only [HRDN-7222] https://cisofy.com/lynis/controls/HRDN-7222/ * Harden the system by installing at least one malware scanner, to perform periodic file system scans [HRDN-7230] - Solution : Install a tool like rkhunter, chkrootkit, OSSEC, Wazuh https://cisofy.com/lynis/controls/HRDN-7230/ Follow-up: ---------------------------- - Show details of a test (lynis show details TEST-ID) - Check the logfile for all details (less /builddir/lynis.log) - Read security controls texts (https://cisofy.com) - Use --upload to upload data to central system (Lynis Enterprise users) ================================================================================ Lynis security scan details: Hardening index : 54 [########## ] Tests performed : 205 Plugins enabled : 0 Components: - Firewall [V] - Malware scanner [X] Scan mode: Normal [ ] Forensics [ ] Integration [ ] Pentest [V] (running non-privileged) Lynis modules: - Compliance status [?] - Security audit [V] - Vulnerability scan [V] Files: - Test and debug information : /builddir/lynis.log - Report data : /builddir/lynis-report.dat ================================================================================ Exceptions found Some exceptional events or information was found! What to do: You can help by providing your log file (/builddir/lynis.log). Go to https://cisofy.com/contact/ and send your file to the e-mail address listed ================================================================================ Skipped tests due to non-privileged mode BOOT-5108 - Check Syslinux as bootloader BOOT-5109 - Check rEFInd as bootloader BOOT-5116 - Check if system is booted in UEFI mode BOOT-5140 - Check for ELILO boot loader presence AUTH-9216 - Check group and shadow group files AUTH-9229 - Check password hashing methods AUTH-9288 - Checking for expired passwords FILE-6368 - Checking ACL support on root file system FIRE-4586 - Check firewall logging CRYP-7930 - Determine if system uses LUKS block device encryption ================================================================================ Lynis 3.1.1 Auditing, system hardening, and compliance for UNIX-based systems (Linux, macOS, BSD, and others) 2007-2021, CISOfy - https://cisofy.com/lynis/ Enterprise support available (compliance, plugins, interface and tools) ================================================================================ [TIP]: Enhance Lynis audits by adding your settings to custom.prf (see /builddir/build/BUILD/lynis/default.prf for all settings) + RPM_EC=0 ++ jobs -p + exit 0 Processing files: lynis-3.1.1-1.fc40.noarch Executing(%doc): /bin/sh -e /var/tmp/rpm-tmp.tJRolx + umask 022 + cd /builddir/build/BUILD + cd lynis + DOCDIR=/builddir/build/BUILDROOT/lynis-3.1.1-1.fc40.noarch/usr/share/doc/lynis + export LC_ALL= + LC_ALL= + export DOCDIR + /usr/bin/mkdir -p /builddir/build/BUILDROOT/lynis-3.1.1-1.fc40.noarch/usr/share/doc/lynis + cp -pr /builddir/build/BUILD/lynis/CHANGELOG.md /builddir/build/BUILDROOT/lynis-3.1.1-1.fc40.noarch/usr/share/doc/lynis + cp -pr /builddir/build/BUILD/lynis/CONTRIBUTORS.md /builddir/build/BUILDROOT/lynis-3.1.1-1.fc40.noarch/usr/share/doc/lynis + cp -pr /builddir/build/BUILD/lynis/FAQ /builddir/build/BUILDROOT/lynis-3.1.1-1.fc40.noarch/usr/share/doc/lynis + cp -pr /builddir/build/BUILD/lynis/README /builddir/build/BUILDROOT/lynis-3.1.1-1.fc40.noarch/usr/share/doc/lynis + cp -pr /builddir/build/BUILD/lynis/extras/systemd /builddir/build/BUILDROOT/lynis-3.1.1-1.fc40.noarch/usr/share/doc/lynis + RPM_EC=0 ++ jobs -p + exit 0 Executing(%license): /bin/sh -e /var/tmp/rpm-tmp.zfsiHK + umask 022 + cd /builddir/build/BUILD + cd lynis + LICENSEDIR=/builddir/build/BUILDROOT/lynis-3.1.1-1.fc40.noarch/usr/share/licenses/lynis + export LC_ALL= + LC_ALL= + export LICENSEDIR + /usr/bin/mkdir -p /builddir/build/BUILDROOT/lynis-3.1.1-1.fc40.noarch/usr/share/licenses/lynis + cp -pr /builddir/build/BUILD/lynis/LICENSE /builddir/build/BUILDROOT/lynis-3.1.1-1.fc40.noarch/usr/share/licenses/lynis + RPM_EC=0 ++ jobs -p + exit 0 Provides: config(lynis) = 3.1.1-1.fc40 lynis = 3.1.1-1.fc40 Requires(rpmlib): rpmlib(CompressedFileNames) <= 3.0.4-1 rpmlib(FileDigests) <= 4.6.0-1 rpmlib(PayloadFilesHavePrefix) <= 4.0-1 Requires: /usr/bin/sh Checking for unpackaged file(s): /usr/lib/rpm/check-files /builddir/build/BUILDROOT/lynis-3.1.1-1.fc40.noarch Wrote: /builddir/build/RPMS/lynis-3.1.1-1.fc40.noarch.rpm Child return code was: 0